Field | Value |
---|---|
download: | c0c49350eea7d913 |
Full analysis: | https://app.any.run/tasks/73b03c3b-41a5-40f8-9270-240546626284 |
Verdict: | Malicious activity |
Analysis date: | August 25, 2019, 11:00:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | — |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text, with very long lines |
MD5: | 8D80213D78C86257AD98107FDCAD63E9 |
SHA1: | AA5C1460C4A9DBF5860B1D92B59AF50DCC74C205 |
SHA256: | 0020B16801982FF0B9CF2A893270184DCC2F24A365AE8A00890DE68CBCB55B60 |
SSDEEP: | 96:3SnxRF+nXLv0x0s3WGoqtmFw/6J7IhNL70g4wI0SlQG:3GIv0x0NqtKfIz70g4whSlQG |
msapplicationTileColor: | #220033 |
themeColor: | #220033 |
twitterImage: | https://send.firefox.com/send-twitter.95d5f4ac.jpg |
twitterCard: | summary |
twitterDescription: | Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever. |
Description: | Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever. |
twitterTitle: | Firefox Send |
viewport: | width=device-width, initial-scale=1 |
HTTPEquivXUACompatible: | IE=edge |
google: | nositelinkssearchbox |
Robots: | none,noarchive |
Title: | Firefox Send |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2860 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\c0c49350eea7d913 | C:\Windows\system32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3872 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | — | explorer.exe |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 68.0.1 | ||||
2720 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 68.0.1 | ||||
3776 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.0.1568625104\1377407105" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 1156 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 68.0.1 | ||||
3652 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.3.1374683354\1356340771" -childID 1 -isForBrowser -prefsHandle 1696 -prefMapHandle 1692 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 1716 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 68.0.1 | ||||
3296 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.13.2025155674\769600293" -childID 2 -isForBrowser -prefsHandle 2812 -prefMapHandle 2816 -prefsLen 5996 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 2828 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 68.0.1 | ||||
4068 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.20.2108316899\647683805" -childID 3 -isForBrowser -prefsHandle 3532 -prefMapHandle 3536 -prefsLen 6718 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 3556 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 68.0.1 | ||||
PID | Process | Filename | Type | |
---|---|---|---|---|
2720 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset | — | |
MD5:— | SHA256:— | |||
2720 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore | — | |
MD5:— | SHA256:— | |||
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2720 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2720 | firefox.exe | POST | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted |
2720 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2720 | firefox.exe | GET | 200 | 95.100.39.8:80 | http://detectportal.firefox.com/success.txt | DE | text | 8 b | whitelisted |
2720 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2720 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2720 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2720 | firefox.exe | POST | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2720 | firefox.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2720 | firefox.exe | 99.86.1.62:443 | snippets.cdn.mozilla.net | AT&T Services, Inc. | US | unknown |
2720 | firefox.exe | 34.210.145.79:443 | search.services.mozilla.com | Amazon.com, Inc. | US | unknown |
2720 | firefox.exe | 13.35.253.45:443 | firefox.settings.services.mozilla.com | — | US | suspicious |
2720 | firefox.exe | 95.100.39.8:80 | detectportal.firefox.com | Akamai International B.V. | DE | whitelisted |
2720 | firefox.exe | 52.24.113.72:443 | tiles.services.mozilla.com | Amazon.com, Inc. | US | unknown |
2720 | firefox.exe | 52.35.21.229:443 | push.services.mozilla.com | Amazon.com, Inc. | US | unknown |
2720 | firefox.exe | 216.58.206.10:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
2720 | firefox.exe | 172.217.16.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2720 | firefox.exe | 13.35.253.78:443 | content-signature-2.cdn.mozilla.net | — | US | malicious |
Domain | IP | Reputation |
---|---|---|
detectportal.firefox.com | — | whitelisted |
a1089.dscd.akamai.net | — | whitelisted |
search.services.mozilla.com | — | whitelisted |
search.r53-2.services.mozilla.com | — | whitelisted |
push.services.mozilla.com | — | whitelisted |
autopush.prod.mozaws.net | — | whitelisted |
snippets.cdn.mozilla.net | — | whitelisted |
drcwo519tnci7.cloudfront.net | — | shared |
tiles.services.mozilla.com | — | whitelisted |
tiles.r53-2.services.mozilla.com | — | whitelisted |